People often desire to communicate securely and/or anonymously. In other words, individuals would like to ensure information is afforded solely to intended recipients and/or that communication participants are unidentifiable. Reasons for this desire are numerous and varied. For example, sensitive or confidential information can be transmitted between parties such as health and financial information or trade secrets. Alternatively, where information is publically disseminated, the source may want to remain anonymous to avoid consequences associated with the information. Further, anonymity with respect to the author/sender and reader/receiver can be important to avoid user profiling as a function of interactions, for instance. A number of conventional technologies can be employed to facilitate secure and/or anonymous communication including encryption and onion routing, among other things.
Encryption conceals communication content in a manner such that the content is not easily understood by unauthorized individuals. More specifically, encryption is a process of transforming plaintext into ciphertext utilizing a cipher to make the plaintext unreadable by anyone except an individual with special knowledge or a key. Decryption refers to the reverse process in which encryption is removed thereby revealing plaintext, for instance, by applying a known key. By way of example, consider public-key encryption. Here, a public key associated with an intended recipient can be employed by a sender to encrypt a message. The recipient can then use a secret key that corresponds to the public key to decrypt the message.
While communication content can be concealed utilizing encryption, alone this does not afford anonymity. Among other things, unencrypted communication headers might reveal a message destination. Furthermore, even if the header information is encrypted in accordance with an encryption scheme, anonymity is not guaranteed. For example, it is possible that one could determine the public key upon viewing the ciphertext thereby aiding identification of a communication recipient. Additionally, anonymity is difficult to achieve over a network since the routing infrastructure will know the identities of the sender and recipient.
Onion routing facilitates secure and anonymous communication. The basic idea is to protect the privacy of senders and recipients as well as content itself against network traffic analysis and eavesdropping as content travels across a network. The vast majority of network traffic travels along public routes making it relatively easy to observe communications. With onion routing, content can be randomly routed to a destination and encrypted by a sender utilizing public keys associated with path routers or relays. This forms the metaphorical onion. As each router receives this structure, it peels away a layer utilizing its private key revealing routing instructions therefore. The last router removes the final layer and provides the content to the recipient.
Onion routing provides several protections. First, an observer at any given point cannot know where a message came from or where it is going. Further yet, even one of the routers on the path will know nothing more than which routers immediately preceded and followed it on that path. In other words, a single router will not know about the original sender or final recipient. Still further, even if several of these routers pool their information, as long as there is one honest router on the path from sender to recipient, the other routers will be unable to learn anything.
As most techniques, onion routing does not provide perfect protection. However, it does provide a high degree of unlinkablity such that an eavesdropper, either on a network or on one of the intermediate routers, cannot easily determine the identity of the sender and receiver. To send a message via onion routing, the sender is required to know the destination address of the recipient beforehand. This may not be public knowledge if the recipient wants to protect his/her anonymity in the network. If the recipient has a static address in the network, the recipient may tell the sender his/her address a priori in some off-band channel, for example, face-to-face communication. However, if the recipient changes addresses frequently keeping all potential senders updated with his current address may be difficult.